ASIC is cracking down on cyber security: Are SAP IT teams doing enough?
A recent AFR article reported that ASIC plans to make an example of board directors and executives by taking legal action against compromised companies that did not take sufficient steps to protect their customers and infrastructure from hackers.
SAP teams, therefore, must ensure they are doing everything possible to keep their data and SAP systems secure.
Due diligence
What exactly constitutes adequate cyber safety due diligence hasn’t been tested yet. Is it a matter of implementing something in good faith, or is it ensuring 100% success?
Unfortunately, there is no one silver bullet to secure SAP system data; it requires a suite of solutions and a strategic approach.
Here are several actions that could protect executives and Boards from prosecution.
Secure the jewels
Firstly, SAP teams can secure non-production data to reduce the target size.
For good reasons, companies store lots of valuable data in non-production systems. This data is less secure than production system data and is potentially vulnerable to hacking.
SAP teams can anonymise this data through automated data masking. Masking ensures the data is safe from prying eyes but still useful for testing, analysis or report building.
Libelle DataMasking from Libelle AG is a highly regarded solution and a great place to start.
Shut the doors
Secondly, SAP teams can identify and shut off system vulnerabilities, reducing hacker access points.
SAP contains thousands of points of potential vulnerability. It is almost impossible to determine which ones exist and which are most serious if human resources are to be relied upon only. Suppose an SAP team embarked on a project to identify and shut off every vulnerability within their systems; where would they start?
Fortunately, monitoring software to identify and rate every SAP vulnerability automatically is available to SAP teams. The software simplifies the task and enables rapid risk minimisation.
smarterSec provides software and services to help SAP teams close off high-risk vulnerabilities
Monitor the area
With the jewels secured and the doors shut, the final step is monitoring the area.
Hackers will find their way into systems, even those with high-risk vulnerabilities shut off. It is a matter of time, meaning monitoring is an essential risk mitigation strategy.
Fortunately, many security and cyber-monitoring solutions are available to continually sweep the area for potential hacks to detect threats and hacks..
Vendors such as Onapsis, Security Bridge, and Logpoint are all worth looking into.
Final word
Satisfying Directors and executives that due diligence in keeping data and SAP systems secure is achieved requires a multi-faceted approach.
In addition to overarching IT system network and infrastructure security strategies, data masking, SAP system vulnerability management, and system monitoring and threat detection form a strong three-tier robust defence strategy to protect the jewels of data in SAP systems.
We can help.
Leg Up Software are expert in SAP IT automation.
We know the SAP operations and infrastructure automation solutions landscape and have already done the legwork identifying the best solutions for most repetitive IT tasks.
We have excellent relationships with many software vendors and can negotiate an evaluation process that best suits your circumstances and budget.
For SAP customers looking to gain expert insight into SAP security solutions, we can certainly point you in the right direction.
Why not set up a time to get the conversation started by putting something in our calendar.
Make time to talk with Rick
Alternatively, to learn more about IT automation for SAP teams, see www.legupsoftware.com/solutions
